226 lines
7.5 KiB
Gherkin
Feature: Memberships
  In order to ensure memberships are not tampered with
  As an admin, designer or author
  I will be restricted based on my role

  Background:
    Given I have the site: "test site" set up with id: "4f832c2cb0d86d3f42fffffb"
    And I have accounts:
      | email          | id                       |
      | new-user@a.com | 4f832c2cb0d86d3f42fffffc |
    And I have memberships:
      | email          | role     | id                       |
      | admin@a.com    | admin    | 4f832c2cb0d86d3f42fffffd |
      | designer@a.com | designer | 4f832c2cb0d86d3f42fffffe |
      | author@a.com   | author   | 4f832c2cb0d86d3f42ffffff |

  Scenario: As an unauthenticated user
    Given I am not authenticated
    When I do an API GET to memberships.json
    Then the JSON response at "error" should be "You need to sign in or sign up before continuing."

  # listing memberships

  Scenario: Accessing memberships as an Admin
    Given I have an "admin" API token
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 4 entries

  Scenario: Accessing memberships as a Designer
    Given I have a "designer" API token
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 4 entries

  Scenario: Accessing memberships as an Author
    Given I have an "author" API token
    When I do an API GET request to memberships.json
    Then an access denied error should occur

  # showing membership

  Scenario: Accessing membership as an Admin
    Given I have an "admin" API token
    When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffd.json
    Then the JSON response at "email" should be "admin@a.com"
    When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "email" should be "designer@a.com"
    When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
    Then the JSON response at "email" should be "author@a.com"

  Scenario: Accessing membership as a Designer
    Given I have a "designer" API token
    When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffd.json
    Then the JSON response at "email" should be "admin@a.com"
    When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffe.json
    Then the JSON response at "email" should be "designer@a.com"
    When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
    Then the JSON response at "email" should be "author@a.com"

  Scenario: Accessing membership as an Author
    Given I have an "author" API token
    When I do an API GET request to memberships/4f832c2cb0d86d3f42fffffe.json
    Then an access denied error should occur

  # create membership

  Scenario: Creating new membership as an Admin
    Given I have an "admin" API token
    When I do an API POST to memberships.json with:
    """
    {
      "membership": {
        "site_id": "4f832c2cb0d86d3f42fffffb",
        "account_id": "4f832c2cb0d86d3f42fffffc"
      }
    }
    """
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 5 entries

  Scenario: Creating new membership as a Designer
    Given I have a "designer" API token
    When I do an API POST to memberships.json with:
    """
    {
      "membership": {
        "site_id": "4f832c2cb0d86d3f42fffffb",
        "account_id": "4f832c2cb0d86d3f42fffffc"
      }
    }
    """
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 5 entries

  Scenario: Creating new membership as an Author
    Given I have an "author" API token
    When I do an API POST to memberships.json with:
    """
    {
      "membership": {
        "site_id": "4f832c2cb0d86d3f42fffffb",
        "account_id": "4f832c2cb0d86d3f42fffffc"
      }
    }
    """
    Then an access denied error should occur

  Scenario: Created membership should always be Author
    Given I have an "admin" API token
    When I do an API POST to memberships.json with:
    """
    {
      "membership": {
        "site_id": "4f832c2cb0d86d3f42fffffb",
        "account_id": "4f832c2cb0d86d3f42fffffc",
        "role": "admin"
      }
    }
    """
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 5 entries
    And the JSON at "4/role" should be "author"

  # update membership

  Scenario: Updating membership as an Admin
    Given I have an "admin" API token
    When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
    """
    {
      "membership": {
        "role": "admin"
      }
    }
    """
    When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
    Then the JSON response at "role" should be "admin"

  Scenario: Updating membership as a Designer
    Given I have a "designer" API token
    When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
    """
    {
      "membership": {
        "role": "admin"
      }
    }
    """
    When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
    Then the JSON response at "role" should be "author"
    When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
    """
    {
      "membership": {
        "role": "designer"
      }
    }
    """
    When I do an API GET request to memberships/4f832c2cb0d86d3f42ffffff.json
    Then the JSON response at "role" should be "designer"

  Scenario: Updating membership as an Author
    Given I have a "author" API token
    When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
    """
    {
      "membership": {
        "role": "admin"
      }
    }
    """
    Then an access denied error should occur
    When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
    """
    {
      "membership": {
        "role": "designer"
      }
    }
    """
    Then an access denied error should occur
    When I do an API PUT to memberships/4f832c2cb0d86d3f42ffffff.json with:
    """
    {
      "membership": {
        "role": "author"
      }
    }
    """
    Then an access denied error should occur

  # destroy membership

  Scenario: Destroying membership as an Admin
    Given I have an "admin" API token
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 4 entries
    When I do an API DELETE to memberships/4f832c2cb0d86d3f42ffffff.json
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 3 entries

  Scenario: Destroying membership as a Designer
    Given I have a "designer" API token
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 4 entries
    When I do an API DELETE to memberships/4f832c2cb0d86d3f42ffffff.json
    When I do an API GET request to memberships.json
    Then the JSON response should be an array
    And the JSON response should have 3 entries
    When I do an API DELETE to memberships/4f832c2cb0d86d3f42fffffe.json
    Then an access denied error should occur
    When I do an API DELETE to memberships/4f832c2cb0d86d3f42fffffd.json
    Then an access denied error should occur

  Scenario: Deleting membership as an Author
    Given I have a "author" API token
    When I do an API DELETE to memberships/4f832c2cb0d86d3f42fffffe.json
    Then an access denied error should occur